Information handling system with overlay ownership certificates for ownership chaining

ABSTRACT

An information handling system includes a provisioning server and a server. The server includes a baseboard management controller (BMC) that configures a first ownership certificate for the server, and provides it to the provisioning server. The first ownership certificate is associated with a first owner. The BMC receives a first signed provisioning configuration content, and stores the first signed provisioning configuration content in an encrypted memory. The BMC configures a second ownership certificate for the server, and provides it to the provisioning server. The second ownership certificate is associated with a second owner. The BMC receives a second signed provisioning configuration content, and stores the second signed provisioning configuration content on top of the first signed provisioning configuration content in the encrypted memory. In response to an expiration of the second ownership certificate, the BMC removes the first signed provisioning configuration content, and applies the second signed provisioning configuration content.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a Continuation of U.S. patent application Ser. No. 17/189,886 entitled “INFORMATION HANDLING SYSTEM WITH OVERLAY OWNERSHIP CERTIFICATES FOR OWNERSHIP CHAINING,” filed Mar. 2, 2021, the disclosure of which is hereby expressly incorporated by reference in its entirety.

FIELD OF THE DISCLOSURE

The present disclosure generally relates to information handling systems, and more particularly relates to overlay ownership certificates for ownership chaining.

BACKGROUND

As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option is an information handling system. An information handling system generally processes, compiles, stores, or communicates information or data for business, personal, or other purposes. Technology and information handling needs and requirements can vary between different applications. Thus information handling systems can also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information can be processed, stored, or communicated. The variations in information handling systems allow information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems can include a variety of hardware and software resources that can be configured to process, store, and communicate information and can include one or more computer systems, graphics interface systems, data storage systems, networking systems, and mobile communication systems. Information handling systems can also implement various virtualized architectures. Data and voice communications among information handling systems may be via networks that are wired, wireless, or some combination.

SUMMARY

An information handling system includes a provisioning server and a server. The server includes a baseboard management controller (BMC) that may configure a first ownership certificate for the server, and provide the first ownership certificate to the provisioning server. The first ownership certificate may be associated with a first owner. The BMC may receive a first signed provisioning configuration content. The first signed provisioning configuration content may be based on the first ownership certificate. The BMC may store the first signed provisioning configuration content in an encrypted memory. The BMC may configure a second ownership certificate for the server, and provide the second ownership certificate to the provisioning server. The second ownership certificate may be associated with a second owner. The BMC may receive a second signed provisioning configuration content. The second signed provisioning configuration content may be based on the second ownership certificate. The BMC may store the second signed provisioning configuration content on top of the first signed provisioning configuration content in the encrypted memory. In response to an expiration of the second ownership certificate, the BMC may remove the first signed provisioning configuration content, and apply the second signed provisioning configuration content.

BRIEF DESCRIPTION OF THE DRAWINGS

It will be appreciated that for simplicity and clarity of illustration, elements illustrated in the Figures are not necessarily drawn to scale. For example, the dimensions of some elements may be exaggerated relative to other elements. Embodiments incorporating teachings of the present disclosure are shown and described with respect to the drawings herein, in which:

FIG. 1 is a block diagram of a general information handling system according to at least one embodiment of the present disclosure;

FIG. 2 is a block diagram of an information handling system with a server and provisioning server according to at least one embodiment of the disclosure;

FIG. 3 is a diagram of transitions between different owners of an information handling system according to at least one embodiment of the disclosure; and

FIG. 4 is a flow diagram of a method for overlaying ownership certificates to provide ownership chaining in an information handling system according to at least one embodiment of the current disclosure.

The use of the same reference symbols in different drawings indicates similar or identical items.

DETAILED DESCRIPTION OF THE DRAWINGS

The following description in combination with the Figures is provided to assist in understanding the teachings disclosed herein. The description is focused on specific implementations and embodiments of the teachings, and is provided to assist in describing the teachings. This focus should not be interpreted as a limitation on the scope or applicability of the teachings.

FIG. 1 illustrates a general information handling system 100. For purposes of this disclosure, an information handling system may include any instrumentality or aggregate of instrumentalities operable to compute, classify, process, transmit, receive, retrieve, originate, switch, store, display, manifest, detect, record, reproduce, handle, or utilize any form of information, intelligence, or data for business, scientific, control, entertainment, or other purposes. For example, an information handling system may be a personal computer, a PDA, a consumer electronic device, a network server or storage device, a switch router or other network communication device, or any other suitable device and may vary in size, shape, performance, functionality, and price. The information handling system may include memory, one or more processing resources such as a central processing unit (CPU) or hardware or software control logic. Additional components of the information handling system may include one or more storage devices, one or more communications ports for communicating with external devices as well as various other I/O devices, such as a keyboard, a mouse, and a video display. The information handling system may also include one or more busses operable to transmit communications between the various hardware components.

Information handling system 100 including a processor 102, a memory 104, a chipset 106, one or more PCIe buses 108, a universal serial bus (USB) controller 110, a USB bus 112, a keyboard device controller 114, a mouse device controller 116, a configuration a SATA bus controller 120, a SATA bus 122, a hard drive device controller 124, a compact disk read only memory (CD ROM) device controller 126, a storage 128, a graphics device controller 130, a network interface controller (NIC) 140, a wireless local area network (WLAN) or wireless wide area network (WWAN) controller 150, a serial peripheral interface (SPI) bus 160, a NVRAM 170 for storing BIOS 172, and a baseboard management controller (BMC) 180. In an example, chipset 106 may be directly connected to an individual end point via a PCIe root port within the chipset and a point-to-point topology as shown in FIG. 1 . BMC 180 can be referred to as a service processor or embedded controller (EC). Capabilities and functions provided by BMC 180 can vary considerably based on the type of information handling system. For example, the term baseboard management system is often used to describe an embedded processor included at a server, while an embedded controller is more likely to be found in a consumer-level device. As disclosed herein, BMC 180 represents a processing device different from CPU 102, which provides various management functions for information handling system 100. For example, an embedded controller may be responsible for power management, cooling management, and the like. An embedded controller included at a data storage system can be referred to as a storage enclosure processor.

System 100 can include additional processors that are configured to provide localized or specific control functions, such as a battery management controller. Bus 160 can include one or more busses, including a SPI bus, an I2C bus, a system management bus (SMBUS), a power management bus (PMBUS), and the like. BMC 180 can be configured to provide out-of-band access to devices at information handling system 100. As used herein, out-of-band access herein refers to operations performed prior to execution of BIOS 172 by processor 102 to initialize operation of system 100.

BIOS 172 can be referred to as a firmware image, and the term BIOS is herein used interchangeably with the term firmware image, or simply firmware. BIOS 172 includes instructions executable by CPU 102 to initialize and test the hardware components of system 100, and to load a boot loader or an operating system (OS) from a mass storage device. BIOS 172 additionally provides an abstraction layer for the hardware, such as a consistent way for application programs and operating systems to interact with the keyboard, display, and other input/output devices. When power is first applied to information handling system 100, the system begins a sequence of initialization procedures. During the initialization sequence, also referred to as a boot sequence, components of system 100 are configured and enabled for operation, and device drivers can be installed. Device drivers provide an interface through which other components of the system 100 can communicate with a corresponding device.

Information handling system 100 can include additional components and additional busses, not shown for clarity. For example, system 100 can include multiple processor cores, audio devices, and the like. While a particular arrangement of bus technologies and interconnections is illustrated for the purpose of example, one of skill will appreciate that the techniques disclosed herein are applicable to other system architectures. System 100 can include multiple CPUs and redundant bus controllers. One or more components can be integrated together. For example, portions of chipset 106 can be integrated within CPU 102. Additional components of information handling system 100 can include one or more storage devices that can store machine-executable code, one or more communications ports for communicating with external devices, and various input and output (I/O) devices, such as a keyboard, a mouse, and a video display. An example of information handling system 100 includes a multi-tenant chassis system where groups of tenants (users) share a common chassis, and each of the tenants has a unique set of resources assigned to them. The resources can include blade servers of the chassis, input/output (I/O) modules, Peripheral Component Interconnect-Express (PCIe) cards, storage controllers, and the like.

In an example, information handling system 100 may be any suitable device including, but not limited to, compute device 202 of FIG. 2 . Information handling system 100 can include a set of instructions that can be executed to cause the information handling system to perform any one or more of the methods or computer based functions disclosed herein. The information handling system 100 may operate as a standalone device or may be connected to other computer systems or peripheral devices, such as by a network.

In a networked deployment, the information handling system 100 may operate in the capacity of a server or as a client user computer in a server-client user network environment, or as a peer computer system in a peer-to-peer (or distributed) network environment. The information handling system 100 can also be implemented as or incorporated into various devices, such as a personal computer (PC), a tablet PC, a set-top box (STB), a personal digital assistant (PDA), a mobile device, a palmtop computer, a laptop computer, a desktop computer, a communications device, a wireless telephone, a land-line telephone, a control system, a camera, a scanner, a facsimile machine, a printer, a pager, a personal trusted device, a web appliance, a network router, switch or bridge, or any other machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. In a particular embodiment, the computer system 100 can be implemented using electronic devices that provide voice, video or data communication. Further, while a single information handling system 100 is illustrated, the term “system” shall also be taken to include any collection of systems or sub-systems that individually or jointly execute a set, or multiple sets, of instructions to perform one or more computer functions.

FIG. 2 illustrates an information handling system 200 including a server 202 and a provisioning server 204 according to at least one embodiment of the disclosure. Server 202 may communicate with provisioning server 204 via a network 206. Server 202 includes a baseboard management controller (BMC) 210, which in turn includes a memory 212. In certain examples, BMC may be a commercially available BMC product or other device that operates in accordance with an Intelligent Platform Management Initiative (IPMI) specification, a Web Services Management (WSMan) interface, a Redfish Application Programming Interface (API), another Distributed Management Task Force (DMTF), or other management standard, and can include an Integrated Dell Remote Access Controller (iDRAC), an Embedded Controller (EC), or the like.

In an example, BMC 210 may store any suitable data within memory 212 including, but not limited to, one or more signed provisioning configuration content 220. In certain examples, signed provisioning configuration content 220 may include data to enable an owner of server 202 access to the server. For example, signed provisioning configuration content may include, but is not limited to, an administration username and password associated with an ownership certificate for the owner. In an example, server 202 may include additional components over those shown in FIG. 2 without varying from the scope of this disclosure.

Provisioning server 204 may include one or more owner certificates 230. In an example, each different owner certificate 230 may be associated with a different owner of server 202. In an example, provisioning server 204 may include additional components over those shown in FIG. 2 without varying from the scope of this disclosure.

When an information handling system is utilized for bare-metal as-a-service (Baas), a bare metal cloud platform may hand over an information handling system or server to an end user and the end user may use the server how they want. Then the bare metal cloud platform may take the server back when the end user is done with it. In previous information handling systems, ownership of the information handling system may be leased or transferred from one owner to a new owner for a period of time. When the lease expired, the previous owner would need to manually reinitiate ownership in the information handling system. Additionally, in previous information handling systems, when ownership is transferred back to the previous owner, the most recent owner may forget to clean up the data on the information handling system. This failure to clean up or remove data before ownership reverts to the previous owner may result in confidential data associated with the most recent owner being exposed to the previous owner. Previous information handling systems also allow a current owner to change administration usernames and passwords, administration privileges, configurations, and customizations of the information handling system. In these previous information handling systems, if the current owner does not reset these changes, the previous owner may not have access to the information handling system through a management interface. Thus, information handling system or server 202 may be improved by providing a system to provide automatic reversion of ownership at the expiration of a current lease, secure erasing of confidential data, and reversion to a previous configuration at the end of a leasing period.

During the lifetime of server 202, ownership or use of the server may transfer among multiple owners. For example, a manufacturer may ship server 202, or a storage device, to a hardware-as-a-service (Haas) vendor, and the Haas vendor may be a first owner of the server. Next, the Haas vendor may transfer the ownership of server 202 to a Baas cloud provider, which may be the second owner of the server. The Baas cloud provider may lease server 202 to a service provider or end user, which may be a third owner of the server. In this example, each owner may receive ownership of server 202 via a lease for a different amount of time, and the ownership of the server should revert back to the previous owner at the expiration of the lease.

In an example, the Haas vendor or first owner may be the original owner of server 202, and the Baas cloud provider may lease the server for a specific amount of time including, but not limited to, two years, five years and ten years. The Baas cloud provider may transfer ownership of server 202 to the end user or third owner via a sub-lease for a particular amount of time, which may be equal to or less than the amount of time granted to the second owner. For example, the end user or third owner may lease server 202 for an amount of time including, but not limited to, three months, six months, and a year. In response to the sub-lease for the third owner expiring, the ownership of server 202 may automatically revert back to the second owner/Baas cloud provider. At this point, the second owner/Baas owner may provide another sub-lease to another owner for an amount of time not exceeding the remaining time on the second owner's lease. When the lease for the second owner expires, the ownership of server 202 may then automatically revert back to the first owner/Haas vendor, and the entire process may be performed again. The ownership transfer by chaining ownership certificates for server 202 will be discussed with respect to FIGS. 2 and 3 .

Referring to FIG. 2 , during manufacturing of server 202, a first certificate, a first public key, and a first private key may be installed into the server. In an example, the first certificate, the first public key, and the first private key may be utilized to automatically apply associated provisioning configuration content when server 202 is powered on. The provisioning configuration content may be automatically applied in any suitable manner including, but not limited to, a zero touch provision. In an example, a zero touch provisioning may result in server 202 being provisioned according to the provisioning configuration without interaction from the owner of the server. In certain examples, the provisioning configuration content may contain any suitable data including, but not limited to, a list of user configurations, administrator username and password, hardware device configuration details, IP address, software configuration details, and firmware update details. In an example, the ownership certificate, public and private keys, and provisioning configuration content may be generated in any suitable format, such as XML/JSON format.

Referring now to FIG. 3 , a sequence 300 of ownership transfers is illustrated according to at least one embodiment of the disclosure. The sequence 300 may transition among owners 302, 304, and 306. For brevity and clarity, the ownership transfers are discussed with respect to owners 302, 304, and 308. However, one of ordinary skill in the art would recognize that sequence 300 may include ownership transfers for any number of owners without varying from the scope of this disclosure.

Referring to both FIGS. 2 and 3 , owner 302 may register ownership of server 202 by configuring an ownership certificate 230 within provisioning server 204. In an example, the configuration information for the ownership certificate may be provided to provisioning server 204 via any suitable means including, but not limited to, an encrypted communication over network 206. BMC 210 may export a current server profile to provisioning server 204, and may update required configuration data for server 202. For example, owner 302 may utilize baseboard management controller 210 to update an administrator username and an administrator password. In an example, the configuration data may also be included within server 202 during shipment of the server, within owner hardware and software inventory and configuration.

BMC 210 may utilize the first private key of the first certificate 230 to provision configuration content in any suitable format, such as XML/JSON format, and export the configuration content to provisioning server 204. In response to the provisioning content being received at provisioning server 204, a processor, such as CPU 102 of FIG. 1 , within the provisioning server may determine whether the provisioning content is valid. In an example, the provisioning server 204 may determine if the provisioning content is valid based on the public key provided from BMC 210. For example, provisioning server 204 may authenticate a received public key based on a private key associated with the first certificate and stored within a memory of the provisioning server. In response to the provisioning content being validated, provisioning server 204 may return signed provisioning configuration content to BMC 210.

BMC 210 may store signed provisioning configuration content 220 within memory 212. In an example, memory 212 may be any suitable encrypted memory including, but not limited to, a credential vault memory or memory location. In response to the signed provisioning configuration content 220 associated with owner 302 being stored in memory 212, the owner may utilize the administrator username and password to perform operations within server 202, to change configurations of the server, or the like.

In an example, one or more suitable operations may be performed to lease server 202 to a second owner, such as owner 304 in FIG. 3 . In this example, owner 302 may utilize BMC 210 and provisioning server 204 to perform an ownership transfer 310 to owner 304. BMC 210 may initiate ownership transfer 310 by providing transfer data to provisioning server 204. In an example, the transfer data may be any suitable data including, but not limited to, a username and password for second owner 304, and updated configuration data for server 202 associated with the second owner. BMC 210 may also provide a signed ownership transfer certificate to provisioning server 204 along with the other transfer data.

In certain examples, after owner 302 utilizes BMC 210 to initiate ownership transfer 310 via the signed ownership transfer certificate, owner 304 may access BMC 210 to register ownership of server 202. In an example, BMC 210 may configure the ownership certificate 230 associated with owner 304 within provisioning server 204. BMC 210 may also provide a countersigned ownership transfer certificate associated with ownership transfer 310 to provisioning server 204. Owner 304, via BMC 210, may request a second ownership certificate 230, a second public key, a second private key, and second provisioning configuration content based on any suitable operations. For example, BMC 210 may provide the first ownership certificate and first public key both of which are associated with the first or current owner 302.

Based on ownership transfer 310 of server 202 to new owner 304, BMC 210 may export a current server profile to provisioning server 204, and may update required configuration data for server 202. For example, owner 304 may utilize baseboard management controller 210 to update an administrator username, an administrator password, and other hardware and software inventory and configurations.

BMC 210 may utilize the second private key of the second certificate 230 to provision configuration content in any suitable format, such as XML/JSON format, and export the configuration content to provisioning server 204. In response to the second provisioning configuration content being received at provisioning server 204, a processor within the provisioning server may determine whether the provisioning content is valid. In an example, the provisioning server 204 may determine if the second provisioning configuration content is valid based on the second public key provided from BMC 210. For example, provisioning server 204 may authenticate a received second public key based on a second private key associated with the second ownership certificate and stored within a memory of the provisioning server. In response to the provisioning content being validated, provisioning server 204 may return signed second provisioning configuration content to BMC 210.

In response to receiving the second signed provisioning configuration content 220, BMC 210 may store second signed provisioning configuration content 220 on top of the first signed provisioning configuration content within memory 212. In response to the second signed provisioning configuration content 220 associated with owner 304 being stored on top of the first signed provisioning configuration content in memory 212, the owner may utilize the administrator username and password to perform operations within server 202, to change configurations of the server, or the like. In certain examples, the second signed provisioning configuration content may be automatically applied in any suitable manner including, but not limited to, a zero touch provision. In an example, a zero touch provisioning may result in server 202 being provisioned according to the second provisioning configuration content without interaction from the owner of the server.

In an example, second ownership certificate 230 may be valid only for a specific amount of time. The specific amount of time may be any suitable amount including, but not limited to, years, months, days, and hours. In an example, when second ownership certificate 230 expires, ownership of server 202 may automatically revert back to the previous owner 302 as will be described in greater detail below.

If second ownership certificate 230 has not yet expired, server 202 may be transferred to another owner 306 via an ownership transfer 312. In an example, ownership transfer from owner 304 to owner 306 may be performed in substantially the same manner as described above for ownership transfer 310 from owner 302 to owner 306, such that a third signed provisioning configuration content is overlaid on the second signed provisioning configuration content within memory 212. Thus, for clarity and brevity ownership transfer 310, the configuration of a third certificate, third public key, and third private key will not be described herein, but is performed by BMC 210 and provisioning server 204 as described above for the second certificate, second public key, and second private key. BMC 210 may maintain the hierarchy of the provisioning configuration content 230 within memory 212. Based on the hierarchy, BMC 210 may consider the most recently stored signed provisioning configuration content as the active provisioning configuration content. BMC 210 may lock the provisioning configuration content using any suitable manner including, but not limited to, system lockdown to avoid a configuration drift.

In certain examples, third ownership certificate 230 may be valid only for a specific amount of time, and the amount of time for the third ownership certificate should be less than the expiration of the second ownership certificate. In an example, a timer may be set within BMC 210 for third ownership certificate 230. In response to expiration of the timer, BMC 210 may check the third certificate 230 to determine whether the third certificate has expired.

In response to expiration of the third certificate, BMC 210 may perform one or more operations to revert the ownership of server 202 back to the previous owner, such as owner 304, via an automatic ownership transfer 314. For example, upon expiration of the third certificate, BMC 210 may remove or delete data in memory addresses of memory 212 that store the third signed provisioning configuration content. In response to the top provisioning configuration content being deleted, BMC 210 may automatically apply the next down provisioning configuration content, which is now the most recent provisioning configuration content. In an example, BMC 210 may apply any suitable configuration data for owner 304 including, but not limited to, the second administrator username, the second administrator password, firmware updates, system lockdown, and IP address configurations. The application of the provisioning configuration content 230 associated with the previous owner, such as owner 304, may allow the previous owner to seamlessly claim ownership and have full access to server 202 without any residual data from the delete provisioning content remaining on the server. In this example, automatic ownership transfer 314 may provide the previous owner 304 with full access without owner 304 needing assistance or permission from the expired owner 306.

In an example, second certificate 230 may expired when an amount of time associated with the lease of owner 304. In this situation, automatic ownership transfer 316 may be performed in substantially the same manner as automatic ownership transfer 314. In response to completion of automatic ownership transfer 316, the ownership of server 202 by owner 302 as well as the first ownership certificate may be renewed.

In an example, a motherboard of server 202 may need to be replaced. In this situation, BMC 210 may store critical data in an external memory attached to the server. The critical data may include, but is not limited to, the provisioning configuration content hierarchy, stored certificates, and stored public and private keys. The external memory may be any suitable memory, such as a memory in a display panel attached to server 202. When a new motherboard is connected, BMC 210 may retrieve the critical data and restore this data in memory 212.

FIG. 4 illustrates a method 400 for overlaying ownership certificates to provide ownership chaining in an information handling system according to at least one embodiment of the current disclosure, starting at block 402. It will be readily appreciated that not every method step set forth in this flow diagram is always necessary, and that certain steps of the methods may be combined, performed simultaneously, in a different order, or perhaps omitted, without varying from the scope of the disclosure. FIG. 4 may be employed in whole, or in part, by information handling system 100 depicted in FIG. 1 , information handling system 200 depicted in FIG. 2 , or any other type of system, controller, device, module, processor, or any combination thereof, operable to employ all, or portions of, the method of FIG. 1 .

At block 404, a first ownership certificate is configured. At block 406, the first ownership certificate is provided to a provisioning server. In an example, the ownership certificate may be provided to the provisioning server via any suitable means including, but not limited to, an encrypted communication over a network. At block 408, first signed provisioning configuration content is received. In certain examples, the provisioning configuration content may contain any suitable data including, but not limited to, a list of user configurations, administrator username and password, hardware device configuration details, IP address, software configuration details, and firmware update details. At block 410 the first signed provisioning configuration content is stored in a memory. In an example, the memory may be any suitable encrypted memory including, but not limited to, a credential vault memory or memory location.

At block 412, a second ownership certificate is configured. At block 414, the second ownership certificate is provided to a provisioning server. In an example, the ownership certificate may be provided to the provisioning server via any suitable means including, but not limited to, an encrypted communication over a network. At block 416, second signed provisioning configuration content is received. In an example, the second signed provisioning configuration content may be received from the provisioning server. At block 418, the second signed provisioning configuration content is stored in the memory. In an example, the second signed provisioning configuration content may be stored as an overlay on the first signed provisioning configuration content, such that the second signed provisioning configuration content is the active content. The memory may be located with a BMC of the server.

At block 420, a determination is made whether the second ownership certificate has expired. In an example, the expiration of the second ownership certificate may be based on a specific amount of time of a lease. The specific amount of time may be any suitable amount including, but not limited to, years, months, days, and hours. When the second ownership certificate has expired, the second signed provisioning configuration content is removed at block 422. At block 424, the first signed provisioning configuration content is applied, and the flow ends at block 426. In an example, the first signed provisioning configuration content may be applied as any suitable configuration data including, but not limited to, the administrator username, the administrator password, firmware updates, system lockdown, and IP address configurations. The application of the provisioning configuration content associated with the previous owner may allow the previous owner to seamlessly claim ownership and have full access to the server without any residual data from the delete provisioning content remaining on the server. In this example, the automatic ownership transfer may provide the previous owner with full access without the renewed owner needing assistance or permission from the expired owner.

Referring back to FIG. 1 , the information handling system 100 can include a disk drive unit and may include a computer-readable medium, not shown in FIG. 1 , in which one or more sets of instructions, such as software, can be embedded. Further, the instructions may embody one or more of the methods or logic as described herein. In a particular embodiment, the instructions may reside completely, or at least partially, within system memory 104 or another memory included at system 100, and/or within the processor 102 during execution by the information handling system 100. The system memory 104 and the processor 102 also may include computer-readable media.

While the computer-readable medium is shown to be a single medium, the term “computer-readable medium” includes a single medium or multiple media, such as a centralized or distributed database, and/or associated caches and servers that store one or more sets of instructions. The term “computer-readable medium” shall also include any medium that is capable of storing, encoding, or carrying a set of instructions for execution by a processor or that cause a computer system to perform any one or more of the methods or operations disclosed herein.

In a particular non-limiting, exemplary embodiment, the computer-readable medium can include a solid-state memory such as a memory card or other package that houses one or more non-volatile read-only memories. Further, the computer-readable medium can be a random access memory or other volatile re-writable memory. Additionally, the computer-readable medium can include a magneto-optical or optical medium, such as a disk or tapes or other storage device to store information received via carrier wave signals such as a signal communicated over a transmission medium. Furthermore, a computer readable medium can store information received from distributed network resources such as from a cloud-based environment. A digital file attachment to an e-mail or other self-contained information archive or set of archives may be considered a distribution medium that is equivalent to a tangible storage medium. Accordingly, the disclosure is considered to include any one or more of a computer-readable medium or a distribution medium and other equivalents and successor media, in which data or instructions may be stored.

When referred to as a “device,” a “module,” or the like, the embodiments described herein can be configured as hardware. For example, a portion of an information handling system device may be hardware such as, for example, an integrated circuit (such as an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a structured ASIC, or a device embedded on a larger chip), a card (such as a Peripheral Component Interface (PCI) card, a PCI-express card, a Personal Computer Memory Card International Association (PCMCIA) card, or other such expansion card), or a system (such as a motherboard, a system-on-a-chip (SoC), or a stand-alone device).

The device or module can include software, including firmware embedded at a processor or software capable of operating a relevant environment of the information handling system. The device or module can also include a combination of the foregoing examples of hardware or software. Note that an information handling system can include an integrated circuit or a board-level product having portions thereof that can also be any combination of hardware and software.

Devices, modules, resources, or programs that are in communication with one another need not be in continuous communication with each other, unless expressly specified otherwise. In addition, devices, modules, resources, or programs that are in communication with one another can communicate directly or indirectly through one or more intermediaries.

Although only a few exemplary embodiments have been described in detail herein, those skilled in the art will readily appreciate that many modifications are possible in the exemplary embodiments without materially departing from the novel teachings and advantages of the embodiments of the present disclosure. Accordingly, all such modifications are intended to be included within the scope of the embodiments of the present disclosure as defined in the following claims. In the claims, means-plus-function clauses are intended to cover the structures described herein as performing the recited function and not only structural equivalents, but also equivalent structures. 

What is claimed is:
 1. An information handling system comprising: a memory to store a plurality of signed provisioning configuration content including first and second signed provisioning configuration content; and a baseboard management controller to: receive the second signed provisioning configuration content, wherein the second signed provisioning configuration content is based on a second ownership certificate associated with a second owner; store the second signed provisioning configuration content on top of the first signed provisioning configuration content in the memory, wherein the first signed provisioning configuration content is based on a first ownership certificate associated with a first owner of the information handling system; and in response to an expiration of the second ownership certificate: remove the second signed provisioning configuration content; and apply the first signed provisioning configuration content.
 2. The information handling system of claim 1, wherein the baseboard management controller further to export a current server profile, and to update a configuration content for the server.
 3. The information handling system of claim 2, wherein the configuration content includes an administrator user name and an administrator password.
 4. The information handling system of claim 2, wherein the baseboard management controller further to encode the updated configuration content with a private key, and to provide the encoded updated configuration content to a provisioning server.
 5. The information handling system of claim 1, the baseboard management controller further to transfer ownership of the server to the second user in a provisioning server, and to provide a signed ownership transfer certificate.
 6. The information handling system of claim 5, wherein the baseboard management controller further to provide a countersigned ownership transfer certificate along with the second ownership certificate to a provisioning server.
 7. The information handling system of claim 5, wherein the baseboard management controller further to lock the second signed provisioning configuration content on top of the first signed provisioning configuration content.
 8. The information handling system of claim 1, wherein prior to the removal of the second signed provisioning configuration content, the baseboard management controller to unlock the second signed provisioning configuration content.
 9. A method comprising: receiving, from a provisioning server, first signed provisioning configuration content, wherein the first signed provisioning configuration content is based on a first ownership certificate associated with a first owner of an information handling system; storing, by a baseboard management controller of the information handling system, the first signed provisioning configuration content in the memory; receiving, from the provisioning server, second signed provisioning configuration content, wherein the second signed provisioning configuration content is based on a second ownership certificate associated with a second owner; storing the second signed provisioning configuration content on top of the first signed provisioning configuration content in the memory; and in response to an expiration of the second ownership certificate: removing the second signed provisioning configuration content; and applying the first signed provisioning configuration content.
 10. The method of claim 9, further comprising: exporting a current server profile; and updating a configuration content for the server.
 11. The method of claim 10, wherein the configuration content includes an administrator user name and an administrator password.
 12. The method of claim 10, further comprising: encoding the updated configuration content with a private key; and providing the encoded updated configuration content to the provisioning server
 13. The method of claim 9, further comprising: transferring ownership of the server to the second user in the provisioning server; and providing a signed ownership transfer certificate.
 14. The method of claim 13, further comprising providing a countersigned ownership transfer certificate along with the second ownership certificate to the provisioning server.
 15. The method of claim 13, further comprising locking the second signed provisioning configuration content on top of the first signed provisioning configuration content.
 16. The method of claim 9, prior to the removing of the second signed provisioning configuration content, the method further comprising unlocking the second signed provisioning configuration content.
 17. A non-transitory computer-readable medium including code that when executed performs a method, the method comprising: receiving, from a provisioning server, first signed provisioning configuration content, wherein the first signed provisioning configuration content is based on a first ownership certificate associated with a first owner of an information handling system; storing, by a baseboard management controller of the information handling system, the first signed provisioning configuration content in a memory; receiving, from the provisioning server, second signed provisioning configuration content, wherein the second signed provisioning configuration content is based on a second ownership certificate associated with a second owner; storing the second signed provisioning configuration content on top of the first signed provisioning configuration content in the memory; and in response to an expiration of the second ownership certificate: removing the second signed provisioning configuration content; and applying the first signed provisioning configuration content.
 18. The non-transitory computer-readable medium of claim 17, wherein the method further comprises: transferring ownership of the server to the second user in the provisioning server; and providing a signed ownership transfer certificate.
 19. The non-transitory computer-readable medium of claim 17, wherein the method further comprises providing a countersigned ownership transfer certificate along with the second ownership certificate to the provisioning server.
 20. The non-transitory computer-readable medium of claim 19, wherein the method further comprises locking the second signed provisioning configuration content on top of the first signed provisioning configuration content. 